HSL Loggin & Splunk

Question

Hi Everyone,We are trying to build to HSL logging via the irules to the splunk. Here are the steps implemented so far.1. created a UDP 514 pool with remote logging servers.when CLIENT_ACCEPTED {set client_address [IP::client_addr]set syslogpool "splunk_hsl_pool_514"set vip [IP::local_addr]set hsl [HSL::open -proto UDP -pool $syslogpool]}when CLIENTSSL_HANDSHAKE {set ssl_cipher_negotiated [SSL::cipher name]set ssl_version [SSL::cipher version]#log local0. "Ciphers: $ssl_cipher_negotiated &amp; the version :$ssl_version"HSL::send $hsl "Ciphers: $ssl_cipher_negotiated &amp; the version :$ssl_version"}3. The irule applied on to the Virtual servers.I couldnt see anything when i search in splunk. It would be great if any one can help me with this.

neeeewbie · Answer

Hi
did you see any log on /var/log/ltm ?
please check logs&nbsp;

Forum Discussion

HSL Loggin & Splunk

1 Reply

F5 Academies Are Back – And We’re Coming to a City Near You

Introducing the F5 Application Study Tool (AST)

Recent Discussions

About F5 idle timeout and keep-alive

Problem with sending BotDefense logs to remote server

OSPF traps on BIG-IP v14

[APM] - How to clear the cached certificate for specific url

Fireeye AX integration with F5 via API.

Related Content

F5 Distributed Cloud - Customer Edge Site - Deployment & Routing Options

Setting up F5 Telemetry Streaming with Splunk Cloud

Using F5 Distributed Cloud AppStack & CE Site Survivability

F5 Distributed Cloud - Service Policy - Header Matching Logic & Processing

it-sa Expo & Congress in Germany - DevCentral Visits

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS